I'm using wss4j v 2.4.1 with spring ws to send a SOAP with attachment. The attachment must be signed and encrypted.
The below is my code snippet (wss4j configuration only):
Wss4jSecurityInterceptor sec = new Wss4jSecurityInterceptor();
sec.setSecurementEncryptionCrypto(crypto);
String securementActions = "Encrypt" + " Signature";
sec.setSecurementActions(securementActions);
sec.setSecurementEncryptionUser(cryptoInfo.getKeystoreCertificateAlias());
sec.setSecurementSignatureParts("{}cid:Attachments;");
sec.setSecurementSignatureUser(cryptoInfo.getKeystoreKeyName());
sec.setSecurementEncryptionParts("{}cid:Attachments;");
sec.setSecurementSignatureCrypto(crypto);
sec.setSecurementSignatureKeyIdentifier("DirectReference");
sec.setSecurementEncryptionKeyIdentifier("DirectReference");
sec.setSecurementPassword(cryptoInfo.getKeystoreKeyPassword());
I get the error below:
Caused by: org.apache.wss4j.common.ext.WSSecurityException: no attachment callbackhandler supplied
at org.apache.wss4j.dom.message.Encryptor.encryptAttachment(Encryptor.java:336)
at org.apache.wss4j.dom.message.Encryptor.doEncryption(Encryptor.java:207)
at org.apache.wss4j.dom.message.WSSecEncrypt.encryptForRef(WSSecEncrypt.java:211)
I don't know how to pass the callback handler, as there's no direct method in the Wss4jSecurityInterceptor that's something like setSecurementCallbackHandler exist.
I would like to point out that my requirement is to send the payload signed and encrypted in the attachment and not in the SOAP Body. The body should be empty.
It's hard to see a working documentation for this use case.